ଉଇକିପିଡ଼ିଆ:User account security
This is an information page, and describes communal consensus on some aspect of Wikipedia norms and practices. While it is not a policy or guideline itself, it is intended to supplement or clarify other Wikipedia practices and policies. Please defer to the relevant policy or guideline in case of inconsistency between that page and this one. |
This page in a nutshell: Failing to use a sensible password can lead to temporary loss of editing access and may lead to permanent loss of privileged access. |
All registered users have a password which works like any login password. Passwords help ensure that someone does not masquerade as another editor. Editors should use a strong password to avoid being blocked for bad edits by someone who guesses or "cracks" other editors' passwords.
As a rule of thumb a password that is reasonably long, with a mix of upper and lowercase letters and numbers, and not mostly made up of dictionary words or names or personal information (date of birth, cat's name, etc), is likely to be reasonably strong for everyday use. However it is left up to users to decide how strong a password they wish to use beyond this.
Some actions on Wikipedia can only be carried out by privileged editors. The most common kind of privilege is adminship. It is especially important that privileged editors have strong passwords. Administrators, bureaucrats, checkusers, stewards and oversighters discovered to have weak passwords, or to have had their accounts compromised by a malicious person, may have their accounts blocked and their privileges removed on grounds of site security. In certain circumstances, the revocation of privileges may be permanent. Discretion on resysopping temporarily desysopped administrators is left to the bureaucrats, provided they can determine that the administrator is back in control of the previously compromised account.
Although the definition of "strong password" is deliberately left unspecified, privileged editors are required to use strong passwords and are informed that the developers will occasionally try to crack their passwords and disable those that can be cracked.
For advice on personal security, including passwords, see Wikipedia:Personal security practices and Keys to a Strong Password.
Users are encouraged to provide an email address in their preferences, as this enables them to reset their password via email if necessary. (Providing an email address also makes possible communication with other users via email; this can be disabled in preferences by unchecking the option "Enable e-mail from other users".)